Quote:
Originally Posted by SmokeyTheBear
i was uploading some stuff today for site and suddenly the ftp connection was closed and i couldnt login.
Turns out the host ( webair ) has a security feature that scans uploaded files for a virus and if found it closes the connection and changes the ftp password for you. Kind of a neat feature i suppose , but i went to isolate the file it was finding and it was a variation of this
Code:
<?php
$out = "http://yahoo.com";
?>
<html>
<head>
<script>
function xtb(){
top.location.href="<?php echo $out; ?>";
}
</script>
</head>
<body>
hello<br>
<iframe id=xnsi onload="xtb();" src=http://google.com width=1 height=1></iframe>
</body>
</html>
although the code could be used to initiate a virus , it isn't malicious or a virus on its own.
interesting to note although they change your ftp password for you they dont delete the file that was found to be a virus.
try it out if you want , save code and upload to webair , it will log you off and change your pass.
curious , where does webair get its virii defs from |
So it's redirecting to Yahoo and loading Google in a somewhat hidden iframe? I take it you just changed the URL's so you could post it?
Anyhow, if a host deleted files suspected to contain malicious code they would quickly be in deep shit when peoples index files and other important pages come up missing, which is where most malicious code is planted.